Allen,
In that blog, he the user for the Apache server (in httpd.conf) is
the SAME as the user for the BackupPC server (in config.pl).
Yes, that works for me too. However, I am trying to separate the user
that runs Apache and the user that runs BackupPC.
The docs seem to say that all I need to do is make the CGI script
below to the group that the Apache server belongs to. I did that and
it still doesn't work.
Any ideas?
Thanks,
Yaakov.
On 7/22/07, Allen Stowe <[EMAIL PROTECTED]> wrote:
> Yaakov Chaikin wrote:
> > Ok, after reading some more docs, the following set up should work,
> > but it doesn't:
> >
> > 1) Everything that has to do with BackupPC is owned by user "backuppc".
> > 2) config.pl specified "backuppc" as the user.
> > 3) The CGI script (which, for me, happens to be at
> > /usr/share/BackupPC/sbin//BackupPC_Admin) is owned by the "backuppc"
> > user, but its group is set to "apache", which is the same group as the
> > "apache" user has. I.e., the Web server which is run as "apache"
> > should be able to execute the CGI script.
> > 3) My Apache web server loads mod_perl.
> >
> > Ok, after all that, it still gives me the same error message as in the
> > first post.
> >
> > What am I doing wrong here?
> >
> > Thanks,
> > Yaakov.
> >
> > On 7/22/07, Yaakov Chaikin <[EMAIL PROTECTED]> wrote:
> >
> >> Ok, I dug up something from the docs, which says this:
> >> *******************************************************
> >> If you are using mod_perl then apache should run as user __BACKUPPCUSER__.
> >> *******************************************************
> >>
> >> I do have lines in the httpd.conf which load the mod_perl module. So,
> >> I DO have to run apache as the same user as the BackupPC software...
> >>
> >> The only question that I have now is whether people would recommend
> >> not loading mod_perl and then able to run Apache as a different user
> >> than BackupPC.
> >>
> >> Currently, the user that runs Apache has access to Subversion
> >> repositories, so there is definitely a reason to separate them...
> >> Question is whether it's anymore secure or if the way BackupPC works,
> >> it won't matter in the end.
> >>
> >> Any help would be appreciated.
> >>
> >> Thanks,
> >> Yaakov.
> >>
> >> On 7/22/07, Yaakov Chaikin <[EMAIL PROTECTED]> wrote:
> >>
> >>> Hi,
> >>>
> >>> Now that I got my BackupPC working, I broke it again trying to secure
> >>> it further.
> >>>
> >>> Previously, I was told here that I should not be running Apache web
> >>> server as the same user as running BackupPC.
> >>>
> >>> So, I kept Apache running as 'apache' user and switched BackupPC (in
> >>> config.pl) to be "backuppc" user. I also switched all the directories
> >>> that have to do with BackupPC and previously owned by "apache" user to
> >>> being owned by "backuppc" user.
> >>>
> >>> Now, when I try to go through the web browser, the server status page
> >>> give me an error:
> >>> *************************************************************************************
> >>> Error: Wrong user: my userid is 48, instead of 498(backuppc)
> >>>
> >>> This script needs to run as the user specified in $Conf{BackupPCUser},
> >>> which is set to backuppc.
> >>>
> >>> This is an installation problem. If you are using mod_perl then it
> >>> appears that Apache is not running as user backuppc. If you are not
> >>> using mod_perl, then most like setuid is not working properly on
> >>> BackupPC_Admin. Check the permissions on
> >>> //usr/share/BackupPC/sbin//BackupPC_Admin and look at the
> >>> documentation.
> >>> *************************************************************************************
> >>>
> >>> From the error message, it almost sounds like I SHOULD have the user
> >>> that runs Apache be the same user that runs BackupPC. Is that true? If
> >>> not, then how do I fix this problem?
> >>>
> >>> Currently, the //usr/share/BackupPC/sbin//BackupPC_Admin is owned by
> >>> "backuppc" user.
> >>>
> >>> Thanks,
> >>> Yaakov.
> >>>
> >>>
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc.
> > Still grepping through log files to find problems? Stop.
> > Now Search log events and configuration files using AJAX and a browser.
> > Download your FREE copy of Splunk now >> http://get.splunk.com/
> > _______________________________________________
> > BackupPC-users mailing list
> > BackupPC-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/backuppc-users
> > http://backuppc.sourceforge.net/
> >
> >
> Hi Yaakov;
>
> Bimal Pandit made a good simple implementation scenario/script you can
> follow. You have most of it right... Just read the configuration items
> and follow along... Should have you straight in a few minutes in your
> environment... link: http://fedoranews.org/blog/?p=603
>
>
> Allen...
>
> --
> /////////////////////////////////////////
> Break away from the Gates of Windows...
> Support OpenSource communities.
> \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
>
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/
